The research was conducted in July to help understand the main concerns of business leaders following COVID-19 and over half (54%) of executives interviewed said their business had been subject to increased cyber-attacks as a result of COVID-19. As a result around a third (30%) said that cyber-crime is now one of the biggest concerns.
The survey revealed that this is an issue across most business sectors, however bosses working in construction (77% of all directors), utilities (73%) and hospitality & leisure (67%) are those that report the highest increase in suspicious emails and texts.
The issue is unlikely to go away, with 80% of executives saying working from home will increase as a result of successful remote working during COVID-19. This style of working brings with it additional risks as workers are often not as attuned to attacks as they would be in the office environment and IT security may be compromised in a remote working environment.
Employees working from remote locations are also more likely to take risky actions that place data outside the firm’s defences and control. For example:
- An employee trying to print or share a sensitive file may send the file to his or her personal email address, exposing the data to loss.
- An employee may transfer files to an insecure portable storage device, such as a USB stick, that is easily lost, misplaced, or forgotten.
- An employee may transfer or share files through unapproved cloud-storage or file-sharing solutions, exposing the data to loss and discovery.
All these actions place data outside the firm’s defences and retention practices. Research from Specops found in terms of what kinds of cyber-attacks companies are most concerned about, 96% cited ransomware as a major concern, followed by crypto jacking (74%) and phishing (67%)1.
Johnty Mongan, Cyber Risk Consultant at Gallagher, said: “Cyber-crime is a major issue for UK businesses and with changes in the way lots of businesses operate, criminals will be alert to the opportunities this presents. There has been an increase in highly sophisticated scam attempts that are using details like emails, messages and texts which are personalised to that individual to validate and authenticate their bogus requests. We’ve seen cyber criminals using COVID-19 as a way to scam individuals, for example, purporting to be from their employer and asking for information relating to the pandemic.”
Steps to Minimise Risk
To help minimise risk to your firm’s network and data, actions can be taken while working remotely.
- Remember that technical defences, while good, cannot fully protect you or your organisation. Attackers know that employees are often a weak link in security and will most often target them to get what they want. Employee actions remain the best defence against these attacks.
- Beware of unexpected authentication requests if you use this form of security. If you or one of your employees receive a request to approve a connection you did not start, do not approve the request. Report the unexpected request in the usual way to your IT helpdesk or other resource performing that role.
- Do not click on untrusted links or open attachments. These links and attachments can be very convincing. If unsure, confirm with the sender or ask the helpdesk for assistance.
- Beware of emails and other messages that relate to breaking news, surprising information, or other urgent message – especially related to COVID-19 – to entice you to act now.
- Question anything unusual and do not take any chances with offers to do things like ‘Free Upgrade’ which is an example of the increasing number of mobile-based scam attempts that are becoming more commonplace.
- Phishing emails will often create a false sense of urgency or fear, sometimes outright threatening you. Know that legitimate organisations won’t use these tactics. Check that the sender’s email address is exactly in the format of previous emails, and if telephoning to check an email’s veracity don’t simply rely on the phone number given in that email. Report suspicious emails to your IT team as an attachment, rather than a forward.
Johnty, added: “Cyber- attacks are a part of modern day business and regardless of the steps taken to protect a firm, they can still happen. Having robust standalone cyber insurance in place can help protect against the financial, reputational and operational impact of an attack. Gallagher’s specialist team can provide a cyber-protection programme that’s carefully tailored to your industry and particular business.
“Through our cyber risk management service we can ensure your organisation is armed against cyber threats. We will get to know your business, starting with a review of your IT security and infrastructure to identify any vulnerabilities. We’ll also look at ways we can help educate and equip your people to reduce the risk of cyber-attacks and data breaches in order to improve online security throughout your business.”
1. Specops https://specopssoft.com/blog/sectors-experiencing-most-cyber-attack-threats-while-working-from-home/
This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as 06/08/2020, but you will recognise that matters concerning COVID-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. Our advice to our clients is as an insurance broker and is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document. No third party to whom this is passed can rely on it. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to fullest extent permitted by law. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Gallagher. FinProms reference FP1061-2020
All data unless otherwise stated from research conducted by Opinium on behalf of Gallagher, between 26 June and 3 July, amongst 1008 senior decision makers in businesses employing over 250 people.